grafana
This commit is contained in:
@@ -53,7 +53,7 @@ in
|
||||
caddy = enabled;
|
||||
cockpit = {
|
||||
enable = true;
|
||||
port = 9090;
|
||||
port = 9091;
|
||||
};
|
||||
calibre = {
|
||||
enable = false;
|
||||
|
||||
@@ -233,7 +233,7 @@ in
|
||||
|
||||
services = {
|
||||
grafana = {
|
||||
enable = false;
|
||||
enable = true;
|
||||
port = 9999;
|
||||
};
|
||||
};
|
||||
|
||||
@@ -140,7 +140,7 @@ in
|
||||
group = "keys";
|
||||
restartUnits = [
|
||||
"nextcloud.service"
|
||||
"prometheus-nextcloud-exporter.service"
|
||||
"prometheus-nextcloud-exporter.service" # actual systemd unit name
|
||||
];
|
||||
};
|
||||
"jallen-nas/nextcloud/smtp_settings" = {
|
||||
@@ -285,6 +285,21 @@ in
|
||||
sopsFile = defaultSops;
|
||||
restartUnits = [ "podman-authenticRac.service" ];
|
||||
};
|
||||
|
||||
# ------------------------------
|
||||
# Grafana
|
||||
# ------------------------------
|
||||
# secret_key was previously the upstream default "SW2YcwTIb9zpOOhoPsMm".
|
||||
# It is stored here so Grafana can read it via the file provider without
|
||||
# embedding it in the world-readable Nix store.
|
||||
# To rotate: use https://github.com/erooke/grafana-secretkey-rotation-tool
|
||||
"jallen-nas/grafana/secret-key" = {
|
||||
sopsFile = defaultSops;
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
mode = "0400";
|
||||
restartUnits = [ "grafana.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
# ------------------------------
|
||||
|
||||
@@ -44,14 +44,16 @@ in
|
||||
};
|
||||
root.shell = pkgs.zsh;
|
||||
|
||||
# Allow the Prometheus Nextcloud exporter to read its password secret.
|
||||
prometheus-nextcloud-exporter = {
|
||||
# The NixOS nextcloud exporter runs as 'nextcloud-exporter' (the default
|
||||
# generated by the exporter base module). Add it to 'keys' so it can
|
||||
# read the SOPS-managed adminpassword secret.
|
||||
nextcloud-exporter = {
|
||||
isSystemUser = true;
|
||||
group = "prometheus-nextcloud-exporter";
|
||||
group = "nextcloud-exporter";
|
||||
extraGroups = [ "keys" ];
|
||||
};
|
||||
};
|
||||
|
||||
groups.prometheus-nextcloud-exporter = { };
|
||||
groups.nextcloud-exporter = { };
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user